Qlik Sense Enterprise on Windows and the PostgreSQL CVE-2025-1094 vulnerability

Nick_Asilo
Support

Last Update: May 8, 2025 9:43:22 AM
Updated By: Sonja_Bauernfeind
Created date: Feb 19, 2025 2:00:01 AM

PostgreSQL has identified a vulnerability (CVE-2025-1094) that allows for SQL injection under certain scenarios. For more information, see CVE-2025-1094: PostgreSQL quoting APIs miss neutralizing quoting syntax in text that fails encoding ....

Resolution

To allow for quick mitigation of PostgreSQL vulnerabilities, Qlik offers the ability to run and manage your own PostgreSQL instance independently of the PostgreSQL instance shipped with Qlik Sense Enterprise on Windows. This gives you direct control of your PostgreSQL instance and facilitates maintenance without a dependency on Qlik Sense. Further database upgrades can then be performed independently and in accordance with your corporate security policy when needed, as long as you remain within the supported PostgreSQL versions.

Recommendations

Upgrade to Qlik Sense Enterprise on Windows May 2025 IR

Qlik Sense Enterprise on Windows May 2025 IR includes PostgreSQL 14.17 in its installer. See the System Requirements for details.

Upgrade PostgreSQL

If you have already installed a standalone PostgreSQL database, or if you have used the Qlik PostgreSQL Installer (QPI) to upgrade and decouple your previously bundled database, then you can upgrade PostgreSQL at any time. This means you control maintenance and can immediately react to potential PostgreSQL security concerns by upgrading to a later service release or a later major version.

See Qlik Sense Enterprise on Windows: How To Upgrade Standalone PostgreSQL.

Verify your Qlik Sense Enterprise on Windows version's System Requirements before committing to a PostgreSQL version.

Unbundle and upgrade PostgreSQL using QPI

If you have not yet installed a standalone PostgreSQL instance, this is the preferred method to gain direct control to upgrade at your own pace. For instructions, see Upgrading and unbundling the Qlik Sense Repository Database using the Qlik PostgreSQL Installer.

Manually switch to a dedicated PostgreSQL database

An alternative method to migrate to a standalone PostgreSQL instance is available in How to configure Qlik Sense to use a dedicated PostgreSQL database.

Internal Investigation ID(s)

SUPPORT-896

Environment

  • Qlik Sense Enterprise on Windows
Comments
Nick_Asilo
Support

The QPI tool is not the only way to unbundle the database. As pointed out previously, if you cannot use QPI, the second method listed is what we have available: How to configure Qlik Sense to use a dedicated PostgreSQL database

Sonja_Bauernfeind
Digital Support

Hello @Stephanus 

Qlik Sense Enterprise on Windows has a release cadence of May and November. See Release Cadence Update: Qlik Sense Enterprise Client-Managed.

As for what versions of PostgreSQL come bundled, you will be able to see this in the System Requirements for the relevant release.

All the best,
Sonja

Sonja_Bauernfeind
Digital Support

Hello @oehmemat 

May 2025 IR was released yesterday. It includes PostgreSQL 14.17. See the System Requirements for details.

All the best,
Sonja
